fix(opencti): env from secret variable not taking precedence over nor…
…mal env (#50)

Co-authored-by: Esteban <[email protected]>
estemendoza and mendoza-esteban authored Apr 11, 2024
1 parent f4f945d commit c9dfd01
Showing 3 changed files with 63 additions and 49 deletions.
47 changes: 25 additions & 22 deletions charts/opencti/templates/connector/deployment.yaml
Expand Up @@ -54,44 +54,47 @@ spec:
{{- end }}
imagePullPolicy: {{ .image.pullPolicy | default "IfNotPresent" }}
env:
# Variables in plain text
# Variables from secrets have precedence
{{- $envList := dict -}}

{{- if .envFromSecrets }}
{{- range $key, $value := .envFromSecrets }}
- name: {{ $key | upper }}
valueFrom:
secretKeyRef:
name: {{ $value.name }}
key: {{ $value.key | default $key }}
{{- $_ := set $envList $key true }}
{{- end }}
{{- end }}

{{- if and (not (hasKey $envList "OPENCTI_TOKEN")) (.env.APP__ADMIN__TOKEN) }}
- name: OPENCTI_TOKEN
value: "{{ .env.APP__ADMIN__TOKEN }}"
{{- end }}

# Special handling for OPENCTI_URL which is constructed from other values
{{- if not (hasKey $.Values.env "OPENCTI_URL") }}
{{- if eq $.Values.env.APP__BASE_PATH "/" }}
- name: OPENCTI_URL
value: "http://{{ include "opencti.fullname" $ }}-server:{{ $.Values.service.port }}"
{{- else }}
- name: OPENCTI_URL
value: "http://{{ include "opencti.fullname" $ }}-server:{{ $.Values.service.port }}{{ $.Values.env.APP__BASE_PATH }}"
{{- end }}

{{- if $.Values.env.APP__ADMIN__TOKEN }}
- name: OPENCTI_TOKEN
value: "{{ $.Values.env.APP__ADMIN__TOKEN }}"
{{- end }}

{{- if $.Values.connectorsGlobalEnv }}
{{- range $key, $value := $.Values.connectorsGlobalEnv }}
- name: {{ $key | upper }}
value: {{ $value | quote }}
{{- end }}
{{- end }}

# Add Variables in plain text if they were not already added from secrets
{{- if .env }}
{{- range $key, $value := .env }}
{{- if not (hasKey $envList $key) }}
- name: {{ $key | upper }}
value: {{ $value | quote }}
{{- $_ := set $envList $key true }}
{{- end }}
{{- end }}

# Variables from secrets
{{- if .envFromSecrets }}
{{- range $key, $value := .envFromSecrets }}
- name: {{ $key | upper }}
valueFrom:
secretKeyRef:
name: {{ $value.name }}
key: {{ $value.key | default $key }}
{{- end }}
{{- end }}

resources:
{{- toYaml .resources | nindent 12 }}
{{- with .nodeSelector }}
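Review bot: The dedup map is keyed by the raw `$key`, while the rendered name is `{{ $key | upper }}` and the token guard tests the literal `"OPENCTI_TOKEN"`, so a key written in lower or mixed case under `envFromSecrets` is not recognised and the plain-text entry is still emitted next to the secret-backed one. Normalising both sides closes that gap: `{{- $_ := set $envList ($key | upper) true }}` and `{{- if not (hasKey $envList ($key | upper)) }}`; the server and worker sections use the same pattern and need the same change. The token guard also reads `.env.APP__ADMIN__TOKEN` where the earlier block appears to have read `$.Values.env.APP__ADMIN__TOKEN`. Because `.env` is treated as optional further down (`{{- if .env }}`), a connector without `env` may fail to render or lose its token, which is worth confirming. The hunk starts and ends inside the container spec, so this is based on the visible lines only.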
28 changes: 13 additions & 15 deletions charts/opencti/templates/server/deployment.yaml
Expand Up @@ -123,34 +123,32 @@ spec:
- name: PROVIDERS__LOCAL__STRATEGY
value: LocalStrategy

# Variables in plain text
{{- if .Values.env }}
{{- range $key, $value := .Values.env }}
- name: {{ $key | upper }}
value: {{ $value | quote }}
{{- end }}
{{- end }}

# Variables from secrets
# Variables from secrets have precedence
{{- $envList := dict -}}
{{- if .Values.envFromSecrets }}
{{- range $key, $value := .Values.envFromSecrets }}
{{- if not (hasKey $envList $key) }}
- name: {{ $key | upper }}
valueFrom:
secretKeyRef:
name: {{ $value.name }}
key: {{ $value.key | default $key }}
{{- $_ := set $envList $key true }}
{{- end }}
{{- end }}
{{- end }}

{{- if .Values.envFromSecrets }}
{{- range $key, $value := .Values.envFromSecrets }}
# Add Variables in plain text if they were not already added from secrets
{{- if .Values.env }}
{{- range $key, $value := .Values.env }}
{{- if not (hasKey $envList $key) }}
- name: {{ $key | upper }}
valueFrom:
secretKeyRef:
name: {{ $value.name }}
key: {{ $value.key | default $key }}
value: {{ $value | quote }}
{{- $_ := set $envList $key true }}
{{- end }}
{{- end }}
{{- end }}

resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
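Review bot: Names that are hard-coded above the loops, such as `PROVIDERS__LOCAL__STRATEGY` at the top of this hunk, are never recorded in `$envList`, so the same key supplied through `.Values.envFromSecrets` or `.Values.env` still yields a second entry with that name. The effective value then depends on list order rather than on the precedence this change introduces. Seeding the map right after it is created, e.g. `{{- $_ := set $envList "PROVIDERS__LOCAL__STRATEGY" true }}` for each fixed name, or documenting that those names cannot be overridden, would make the behaviour explicit. The `{{- if not (hasKey $envList $key) }}` guard inside the secrets loop is always true because the map is empty at that point, and could be dropped. The fixed entries start before the hunk, so the full list is not visible here.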
37 changes: 25 additions & 12 deletions charts/opencti/templates/worker/deployment.yaml
Expand Up @@ -64,35 +64,48 @@ spec:
protocol: TCP
{{- end }}
env:
# Variables in plain text
# Variables from secrets have precedence

{{- $envList := dict -}}

{{- if .Values.worker.envFromSecrets }}
{{- range $key, $value := .Values.worker.envFromSecrets }}
- name: {{ $key | upper }}
valueFrom:
secretKeyRef:
name: {{ $value.name }}
key: {{ $value.key | default $key }}
{{- $_ := set $envList $key true }}
{{- end }}
{{- end }}

# Special handling for OPENCTI_URL which is constructed from other values
{{- if not (hasKey $envList "OPENCTI_URL") }}
{{- if eq .Values.env.APP__BASE_PATH "/" }}
- name: OPENCTI_URL
value: "http://{{ include "opencti.fullname" . }}-server:{{ .Values.service.port }}"
{{- else }}
- name: OPENCTI_URL
value: "http://{{ include "opencti.fullname" . }}-server:{{ .Values.service.port }}{{ .Values.env.APP__BASE_PATH }}"
{{- end }}
{{- if .Values.env.APP__ADMIN__TOKEN }}
{{- end }}

{{- if and (not (hasKey $envList "OPENCTI_TOKEN")) (.Values.env.APP__ADMIN__TOKEN) }}
- name: OPENCTI_TOKEN
value: "{{ .Values.env.APP__ADMIN__TOKEN }}"
{{- end }}

# Add Variables in plain text from .Values.worker.env if they were not already added from secrets
{{- if .Values.worker.env }}
{{- range $key, $value := .Values.worker.env }}
{{- if not (hasKey $envList $key) }}
- name: {{ $key | upper }}
value: {{ $value | quote }}
{{- $_ := set $envList $key true }}
{{- end }}
{{- end }}

# Variables from secrets
{{- if .Values.worker.envFromSecrets }}
{{- range $key, $value := .Values.worker.envFromSecrets }}
- name: {{ $key | upper }}
valueFrom:
secretKeyRef:
name: {{ $value.name }}
key: {{ $value.key | default $key }}
{{- end }}
{{- end }}

resources:
{{- toYaml .Values.worker.resources | nindent 12 }}
{{- with .Values.worker.nodeSelector }}
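Review bot: The chart-generated `OPENCTI_URL` and `OPENCTI_TOKEN` entries are emitted without being recorded in `$envList`, so the same keys under `.Values.worker.env` are rendered a second time by the plain-text loop further down. Adding `{{- $_ := set $envList "OPENCTI_URL" true }}` and `{{- $_ := set $envList "OPENCTI_TOKEN" true }}` inside the respective branches keeps each name unique; the connector section looks to have the same gap. The token fallback also still places `.Values.env.APP__ADMIN__TOKEN` in the Deployment as a literal `value:`. A comment such as `# Fallback only: prefer worker.envFromSecrets so the admin token is not stored in the Deployment spec` would point operators at the secret-backed path.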
